// Hunting rule: fires on any scanned file that contains at least one of the
// path fragments listed under `strings`.
// The condition has no file-type, size or offset constraint, so text files and
// ordinary software that merely mention these paths match as well. Treat a hit
// as a triage lead, not a verdict.
// NOTE(review): the description says "binaries", but nothing here restricts
// matches to executables - confirm whether that breadth is intended.
rule adonunix2 {
  meta:
    author = "Tim Brown @timb_machine"
    description = "Hunts for binaries that attack AD on UNIX"
  strings:
    // Plain text strings with no modifiers: case-sensitive ASCII substrings,
    // matched anywhere in the file.
    // NOTE(review): the identifiers suggest the path components used by UNIX
    // AD/Kerberos integration stacks (Quest, SSSD, PBIS, FreeIPA, Samba,
    // MIT/Heimdal krb5) - confirm against the author's notes.
    $quest = "/quest"
    $sss = "/sss"
    $pbis = "/pbis"
    $ipa = "/ipa"
    $samba = "/samba"
    $krb5 = "/krb5"
  condition:
    // One matching string is enough; equivalent to OR-ing all six by name.
    any of them
}
